fix: increase healthcheck timeout and document security env vars

aspiers · aspiers · commit 5719bb2a50c1 · 2026-02-11T16:58:14.000+13:00
- Increase Railway healthcheckTimeout from 3s to 10s in case this is an issue. - Document TRUST_PROXY_HEADERS, ALLOWED_ORIGINS, and SECRET_KEY_BASE in the README Configuration section. These were introduced in the security fix (0d95edf) but never documented. - Add .vercel to .gitignore.
diff --git a/.gitignore b/.gitignore
@@ -59,3 +59,4 @@ temp/
 
 # AI tools
 .opencode/
+.vercel
diff --git a/README.md b/README.md
@@ -125,6 +125,18 @@ EXTERNAL_BASE_URL=http://localhost:8080
 # Admin access (comma-separated DIDs)
 ADMIN_DIDS=did:plc:your-did-here
 
+# Security — required for session encryption (min 64 chars)
+SECRET_KEY_BASE=your-secret-key-at-least-64-characters-long-generate-with-openssl-rand
+
+# Proxy auth — set to true when running behind a trusted reverse proxy
+# (e.g. Next.js frontend on Vercel) that sets the X-User-DID header.
+# WARNING: Never enable this when the server is directly exposed to the internet.
+TRUST_PROXY_HEADERS=false
+
+# WebSocket origins — comma-separated allowed origins for subscriptions.
+# Empty = same-origin only. Set to "*" for development.
+# ALLOWED_ORIGINS=https://your-frontend.vercel.app
+
 # Jetstream (real-time indexing)
 # Collections are auto-discovered from registered lexicons
 # Or specify manually:
diff --git a/railway.toml b/railway.toml
@@ -3,6 +3,6 @@ builder = "dockerfile"
 
 [deploy]
 healthcheckPath = "/health"
-healthcheckTimeout = 3
+healthcheckTimeout = 10
 restartPolicyType = "on_failure"
 restartPolicyMaxRetries = 3

Original file line number	Diff line number	Diff line change
`@@ -59,3 +59,4 @@ temp/`
`59`	`59`
`60`	`60`	`# AI tools`
`61`	`61`	`.opencode/`
	`62`	`+.vercel`